Fedora/RHEL ã§å°Žå…¥ã•ã‚Œã¦ã„ã‚‹ crypto-policies ㌠cygwin ã«ã‚‚ã‚るよã†ã«è¦‹ãˆã‚‹ã‘ã©ã€ãã‚‚ãã‚‚ã“ã‚Œã¯ä½•ï¼Ÿã¨æ€ã£ãŸã®ã§èª¿ã¹ãŸã€‚
crypto-policies ã«ã¤ã„ã¦çŸ¥ã‚ŠãŸã„å ´åˆã¯ä»¥ä¸‹ã®è¨˜äº‹ã‚’èªã‚ã°ã‚ã‹ã‚‹ã€‚
æ°—ã«ãªã£ãŸã®ã¯ã©ã†ã—ã¦ã“れ㌠cygwin ã«ã‚‚å°Žå…¥ã•ã‚Œã¦ã„ã‚‹ã®ã‹ï¼Ÿã¨ã„ã†ç‚¹ã€‚
最åˆã«ã“ã‚Œã«æ°—ã¥ã„ãŸã®ã¯ ruby-puma ã®ãƒ‘ッケージ化ã®æ™‚ã§ã€fedora ã® patch ã«ã©ã†ã„ã†ã‚‚ã®ãŒã‚ã‚‹ã®ã‹ãƒªãƒã‚¸ãƒˆãƒªã‚’見ãŸã‚‰ã€rubygem-puma-3.6.0-fedora-crypto-policy-cipher-list.patch ã¨ã„ㆠpatch file ãŒã‚ã£ã¦ã€ãã®ä¸èº«ãŒã²ã£ã‹ã‹ã£ãŸã‹ã‚‰ã€‚
diff --git a/ext/puma_http11/mini_ssl.c b/ext/puma_http11/mini_ssl.c index 7e0fd5e..88c4652 100644 --- a/ext/puma_http11/mini_ssl.c +++ b/ext/puma_http11/mini_ssl.c @@ -336,7 +336,7 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) { SSL_CTX_set_cipher_list(ctx, RSTRING_PTR(ssl_cipher_filter)); } else { - SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH"); + SSL_CTX_set_cipher_list(ctx, "PROFILE=SYSTEM"); } #if OPENSSL_VERSION_NUMBER < 0x10002000L
SSL_CTX_set_cipher_list 㯠OpenSSL ã®é–¢æ•°ã§ã‚ã‚‹ã«ã‚‚ã‹ã‹ã‚らãšã€ã“ã® patch ã‚’é©ç”¨ã—ãŸã‚‰ "PROFILE=SYSTEM" ã¨ã„ㆠFedora/RHEL 定義ã®æ–‡å—列をãƒãƒ¼ãƒ‰ã‚³ãƒ¼ãƒ‰ã•ã‚Œã¦ã—ã¾ã†ãŒã€OpenSSL å´ãŒçŸ¥ã‚‰ãªã„æ–‡å—列を渡ã—ã¦ã‚‚ã€å®Ÿè¡Œæ™‚エラーã«ãªã‚‰ãªã„ã®ã‹ï¼Ÿ
ã¨ã„ã†ã‚ã‘㧠OpenSSL å´ã®ãƒªãƒã‚¸ãƒˆãƒªã‚’見ãŸã‚‰ã€å¯¾å¿œã™ã‚‹ patch ã‚’é©ç”¨ã—ã¦ãŸã€‚
ã¨ãªã‚‹ã¨ã€cygwin ã® OpenSSL ã«ã‚‚ã“ã® patch ãŒé©ç”¨ã•ã‚Œã¦ã„ã‚Œã°ã€ruby-puma ã«ã‚‚ rubygem-puma-3.6.0-fedora-crypto-policy-cipher-list.patch ã‚’é©ç”¨ã™ã‚‹æ–¹ãŒæœ›ã¾ã—ã„ã¨ã„ã†ã“ã¨ã«ãªã‚‹ã€‚
ã¨ã„ã†ã‚ã‘ã§ç¢ºèªã—ãŸã‚‰ã€cygwin å´ã§ã‚‚é©ç”¨ã—ã¦ãŸã€‚
commit log ã‚’é¡ã‚‹ã¨ã€fedora patches ã‚’å–ã‚Šè¾¼ã¿ã ã—ãŸã‚¿ã‚¤ãƒŸãƒ³ã‚° (1.1 ç³»ã«ç§»è¡Œ) ã§å…¥ã£ãŸæ¨¡æ§˜ã€‚
ãã®ã‚ã¨ã« "PROFILE=SYSTEM" ã®ã»ã‹ã«ã©ã†ã„ã†ã‚‚ã®ãŒã‚ã‚‹ã®ã‹ï¼Ÿãªã©ã‚’調ã¹ã¦ãŸã‚‰ã€æœ€çµ‚çš„ã« crypto-policies ã«ãŸã©ã‚Šç€ã„ãŸã¨ã„ã†ã‚ã‘。
ã¡ãªã¿ã«å…¬å¼ã«ãã“らã¸ã‚“ã®è©±ã‚’書ã„ã¦ã‚‹ãƒ‰ã‚ュメントã¯ãªã•ãã†ã€‚今度 cygwin-app ML ã§ã§ã‚‚訊ã„ã¦ã¿ã‚‹ã‹ã€‚
